Metasploit Mailing List

Development discussion for Metasploit, the premier open source remote exploitation tool

Latest Posts

Re: Large scan, GUI seems hung HD Moore (May 22)
Thanks - great feedback. The import code is a little tricky to affect by UI
options, but there are some workarounds (sort by service count, select all,
delete). Still debating whether this needs another update cycle to bake
before we make this change.

-HD

-----Original Message-----
From: framework-bounces () spool metasploit com
[mailto:framework-bounces () spool metasploit com] On Behalf Of Sean Carolan
Sent: Tuesday, May 22, 2012 11:35 AM
To:...

Re: Large scan, GUI seems hung Sean Carolan (May 22)
Sorry, just realized I was replying only to you and not the list. I
have mixed feelings about this one. On one hand, if you want a
thorough audit of your entire network, you'd want to include devices
that are "up" but do not have any open or closed ports. On the other
hand, if you have some kind of firewall masquerading as hundreds or
thousands of machines that might clutter your results.

Maybe make it an optional feature, or...

Re: rhosts and vhost Robin Wood (May 22)
It is now a feature request:

https://dev.metasploit.com/redmine/issues/6901

Robin

rhosts and vhost Robin Wood (May 22)
I've noticed in a few auxiliary modules you can set the RHOSTS field
to multiple values but only set the VHOST to a single value

   RHOSTS   yes   The target address range or CIDR identifier
   VHOST    no    HTTP server virtual host

As it is unlikely that multiple hosts will have the same VHOST,
shouldn't VHOST become VHOSTS and allow a list which maps to the
RHOSTS?

Robin

Re: Nmap 6.0 Released! Dan Tentler (May 21)
So epic!
Definitely looking forward to NSE scripting in metasploit :D
-Dan

Nmap 6.0 Released! HD Moore (May 21)
The fine folks at Insecure.org have just released the first major version of
Nmap in over three years. This release brings the new NSE scripting engine,
better web application scanning, full IPv6 scanning support, a standalone
'nping' tool, a shiny new Zenmap interface, and much faster scans in
general.

The Metasploit team uses Nmap heavily, ships Nmap with our installers (we
should have 6.0 in an upcoming Software Update from the web...

Re: Large scan, GUI seems hung HD Moore (May 21)
Just to clarify - which GUI? The web interface, MSFGUI, or Armitage? The
Metasploit CE/Pro web interface has been tested with tens of thousands of
hosts, sometimes in a single scan. If you can provide a copy of the task log
offlist I can take a look and see what might be the issue.

-HD

-----Original Message-----
From: framework-bounces () spool metasploit com
[mailto:framework-bounces () spool metasploit com] On Behalf Of Sean Carolan
Sent:...

Re: Large scan, GUI seems hung Jonathan Cran (May 21)
We've benchmarked it against networks of ~10k hosts, with ~3k up.
Anything larger than that, I'd personally recommend you tweak and use
standalone nmap / import, if only to have an immediate backup of the
scan data.

jcran

Large scan, GUI seems hung Sean Carolan (May 21)
In practical terms, what's the maximum number of hosts/networks that
can be scanned using the GUI tool? I submitted a fairly large number
of /24 networks for scanning, and the "Launch Scan" button is still
spinning. One of the machine's CPUs is pegged at 100%, so it looks
like it's doing *something*.

Just curious what you all have found in your experience regarding the
sizing of network scans.

linux x86 meterpreter portfwd bug Anestis Bechtsoudis (May 19)
Hello list,

while messing around with linux meterpreter's network features, I
spotted that portfwd poses some malfunctions. If the dev team is
familiar with this bug excuse me for this double report (a quick search
doesn't reveal any relevant tracked issue).

After applying the port forward rule, only data from the first TCP
connection attempt reach the end service. Continuing with tcpdump
debugging I discovered that the FIN packets...

Re: msf pro vpn issue. HD Moore (May 18)
Hi Ivan,

We filed this as a bug and will have it fixed in next week's update. Thank
you for the report.

-HD

From: framework-bounces () spool metasploit com
[mailto:framework-bounces () spool metasploit com] On Behalf Of Ivan Leoni
Sent: Sunday, May 13, 2012 5:41 PM
To: framework () spool metasploit com
Subject: [framework] msf pro vpn issue.

MSF Pro (last update) vpn creation, is ignoring the dhcp checkbox and always
tries to get the ip...

Re: Meterpreter reverse_tcp pivot + socks4a proxy dies HD Moore (May 18)
The Linux meterpreter is not quite production ready at this point, thanks
for the bug report, we will look into it. You might try using the java
meterpreter instead for the time being.

-HD

From: framework-bounces () spool metasploit com
[mailto:framework-bounces () spool metasploit com] On Behalf Of Lukas Kuzmiak
Sent: Monday, May 14, 2012 12:05 PM
To: framework () spool metasploit com
Subject: [framework] Meterpreter reverse_tcp pivot +...

H2HC Brazil 9th Edition - Call for Papers Rodrigo Rubira Branco (BSDaemon) (May 18)
CALL FOR PAPERS - Hackers 2 Hackers Conference 9th edition

The call for papers for H2HC 9th edition is now open. H2HC is a hacker
conference taking place in Sao Paulo, Brazil, from 18 to 23 October 2012.

[ - Introduction - ]

For the ninth consecutive year and past success we have been having,
the annual Hackers 2 Hackers Conference will be held again in Sao Paulo,
from 18 to 23 October 2012 and aims to get together industry,
government,...

Re: Discovery scan through proxies? Sean Carolan (May 16)
Absolutely, this is awesome.

Re: Discovery scan through proxies? Jonathan Cran (May 15)
Sean -- yes, definitely. This is probably something best implemented with
some scripting / rpc, or at a lower layer with specific routes / network -
are you using pro or the framework? Assuming pro (but the same principles
apply for the framework), you could also use an RC file to set the PROXIES:

<discover_all.rc>
# run first scan without a proxy
pro_discover 10.0.0.0/24
set PROXIES socks4:localhost:1080
# run second scan through a pivot...
